China, U.S. Talk Norms in Cyberspace – What Do They Mean?

Experts from China and the United States recently met in Washington in the first formal sessions of the Senior Experts Group on International Norms and Related Issues and had ‘”positive, in-depth and constructive” discussions regarding state behavior in cyberspace, as well as international law and “confidence-building measures in the field,” according to Xinhua.

Experts from China and the United States recently met in Washington in the first formal sessions of the Senior Experts Group on International Norms and Related Issues and had ‘”positive, in-depth and constructive” discussions regarding state behavior in cyberspace, as well as international law and “confidence-building measures in the field,” according to Xinhua.

At the heart of the issue is two prominent topics: internet governance and cybercrime.

Where the Internet was once celebrated as beyond the reach of state power, it now has become incontrovertible that state actors can wield tremendous influence in cyberspace. That influence can be divided into three categories: use of networks for espionage, intelligence gathering, surveillance and monitoring; second, use of networks to disable or harm their opponents’ networks; use of networks to engender “kinetic effects,” or damage to enemy targets in real space. Of top concern is the effect of a cyberattack on a country’s critical infrastructure, such as its telecommunication networks, power grid or industrial control systems. In the popular press, this is portrayed as China “switching off the lights” in the West.

Many experts suggest cyberspace conflicts should be governed by the international law of armed conflict, whereby aggression not permitted in real space would not be permitted in cyberspace. China has expressed strong reservations against this application, arguing that cyberspace should not be weaponized or militarized. Instead, China proposed that cyber-related security questions should be dealt with through sui generis regimes, such as the code for state conduct in cyberspace it proposed to the UN General Assembly as part of the Shanghai Cooperation Organization. More recently, however, China has come to acknowledge the application of international law in cyberspace.

How does one define an act of war in cyberspace? Is every intrusion an aggressive act, or does it need to meet a threshold of kinetic consequences?

This is where the development of norms is important. (Re)writing international law is a slow, time-consuming process and the rapid evolution of cyberspace requires a more flexible approach. Norms, or generally accepted modes of behaviour, can develop much more readily, and form the precursor of more stable legal rules to follow. They provide some measures of consistency and predictability, even without a formal enforcement mechanism. Moreover, traditional international law largely deals with traditional sorts of state-to-state conflict. It has little to say about the sort of minor, but continuous skirmishes, that characterize events in cyberspace.

Accusing China of wholesale, state-supported intellectual property theft through cyber espionage, the United States is seeking to establish a norm where it is only legitimate for states to conduct intelligence operations against the traditional sort of targets for state-to-state espionage. China, on the other hand, has denounced the American stance on cyber operations as a ploy to maintain its hegemonic status.

What is it, then, that these talks are supposed to bring, apart from more talks in six months time? Some would say it is most important to build trust. For the moment, however, that seems unlikely: there simply is too wide a disparity in perceptions and expectations for trust to be a realistic objective in the short term. A better option, and equally important for avoiding conflict, is transparency. Hopefully, better information about counterparts’ capabilities and intention reduces uncertainty and risk hedging, and thereby also reduces the risk of conflict.

The group, which plans to meet twice a year, was born from a deal reached during President Xi Jinping’s 2015 state visit. From the Chinese side, it was composed of members of the Ministry of Foreign Affairs, the Ministry of National Defense, the Cyberspace Administration of China, the Ministry of Industry and Information Technology, and the Ministry of Public Security. The US delegation included representatives from the Department of State, the Department of Defense, the Department of Justice, and the Department of Homeland Security.

About the author: This article originally appeared in China-US Focus. Rogier Creemers is a post-doctoral research officer at the Programme for Comparative Media Law and Policy. On the basis of his background in Chinese Studies and International Relations, he wrote a Ph.D. thesis on the relationship between media piracy in China, intellectual property law and media regulation, and globalization. His main research interests include the nexus between media policy and political change in China, with a particular focus on the processes of cooptation and confrontation between the vested regime and potential challengers. Apart from his academic writing, Creemers also regularly publishes op-ed articles in various outlets, including openDemocracy and the China Law Blog, as well as in Belgian and Dutch newspapers. He is the editor of the China Copyright and Media website.